Platform Wildcard Certificates #655

Open
jefkel opened this issue Mar 27, 2020 · 0 comments
Labels
Epic A large body of work that can be broken down into a number of smaller stories


jefkel commented Mar 27, 2020

This EPIC is to track outstanding certificate requests and provide a summary view.

Artifactory

The Artifactory repository service has been launched with the artifacts.developer.gov.bc.ca service name. There is an additional requirement to provide proxied image-registry service names with a naming convention of {image-repo}.artifacts.developer.gov.bc.ca. This requires a wildcard certificate for the proxied services.
A request for the following wildcard certificate was made, and has been rejected. An exception process is underway.

  • *.artifacts.developer.gov.bc.ca - proxied repository names

See the following project tickets:
#651
BCDevOps/developer-experience#96

OCP 4

API and wildcard certificates are required for the OCP 4 platform. Currently we have identified the following names (and certificate requirements) for 3 of the OCP 4 clusters. (Note: if names are required to change, we need to adjust ASAP as we are already rolling with these names and will need to change some existing work.) Requests have been made, and are pending additional information to be sent; however, it is expected that the requests will be rejected and will require some sort of exemption.

Kamloops Operations Lab

  • *.apps.cowichan.devops.gov.bc.ca - wildcard for application proxy service
  • api.cowichan.devops.gov.bc.ca - api endpoint for automation and tool access

Calgary Operations Lab

  • *.apps.thetis.devops.gov.bc.ca - wildcard for application proxy service
  • api.thetis.devops.gov.bc.ca - api endpoint for automation and tool access

Kamloops Developer-Prod-1

  • *.apps.pacific.devops.gov.bc.ca - wildcard for application proxy service
  • api.pacific.devops.gov.bc.ca - api endpoint for automation and tool access

See the following project ticket:
https://app.zenhub.com/workspaces/openshift-4-build-out-5db73142897668000144f22b/issues/bcdevops/openshift4-rollout/176

KeyCloak (SSO)

The KeyCloak SSO service is being re-branded to leverage its own service name instead of the sso.pathfinder.gov.bc.ca service name. The name of the new service is oidc.gov.bc.ca. A wildcard certificate for *.oidc.gov.bc.ca was requested and rejected. The following is an idea for modifying our certificate request to specific DNS names (which may be easier to get approval for):

  • oidc.gov.bc.ca (possibly prod.oidc.gov.bc.ca as well?)
  • test.oidc.gov.bc.ca
  • dev.oidc.gov.bc.ca

In order to develop and test new features for integration into the service, the following is an idea for a wildcard service name:

  • *.sandbox.oidc.gov.bc.ca

See the following project ticket:
Create DNS record + SSL Cert for new KC SSO developer-experience#138
@jefkel jefkel added the Epic A large body of work that can be broken down into a number of smaller stories label Mar 27, 2020